CVE-2017-15671

Source
Severity Medium
Remote Yes
Type Denial of service
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Group Package Affected Fixed Severity Status Ticket
AVG-460 glibc, lib32-glibc 2.26-8 2.26-9 High Fixed
Date Advisory Group Package Severity Description
10 Jan 2018 ASA-201801-9 AVG-460 glibc High multiple issues
10 Jan 2018 ASA-201801-8 AVG-460 lib32-glibc High multiple issues
References
http://seclists.org/oss-sec/2017/q4/119
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f1cf98b583787cfb6278baea46e286a0ee7567fd
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6803dda53781f7da920f568a31610d41e5c3a351